Re: Session-Id

Koen Holtman (
Sat, 22 Jul 1995 11:47:10 +0200 (MET DST)

John Franks:
>According to Koen Holtman:
>> John Franks:
>> >3. Server initiated session-ids have strictly greater generality.
>> >In particular, if you *really want* a server side data base you
>> >can have it using the server supplied cookie as a key.
>> They have no greater generality at all as far as I know. Could you
>> give an example?


> There is no way to do any client-side data
>bases (like the Netscape implementation of shopping baskets) with
>server initiated session-ids.

Client-side data bases are an implementation detail, I could just as
well say that server generated session-ids are less general because
they provide no way to do client side session-id generation.

> Similar functionality might be achieved
>with a server-side data base, but not as cleanly

Exactly the same functionality (to the end user) can be had, but
indeed not as cleanly.

Putting the generality issue aside, I must say I kind of like the
April 18, 1995 proposal by Dave Kristol for server generated
session-ids, that was posted in this thread a few messages back.